CodeQL进阶知识(Java)
笔者在阅读了CodeQL的官方文档,熟悉相关语法后,对CodeQL中的Java进行了一番简单的研究,本文分享这一过程的一些收获。规则的封装通过class我们可以封装一系...
由破解电梯卡初识RFID实验
RFID频段分类RFID是Radio Frequency Identification的缩写,术语为射频识别,俗称电子标签。按照工作频率的不同,RFID标签可以分为低频(LF)、高频(HF)、...
The More You Know, The More You Know You Don’t Know——回顾 2021 年在野利用的 0day 漏洞
作者:Maddie Stone@Google Project Zero 译者:知道创宇404实验室翻译组 原文链接:https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-mor...
Extracting WhatsApp messages from an iOS backup
Hi everyone! ? I was recently exploring how to get a local backup of WhatsApp messages from my iPhone. I switched from Android to iOS in the past a...
Writing a Linux Kernel Remote in 2022
Overview At Appgate Threat Advisory Services, we focus on offensive security research to keep up-to-date with the constantly evolving cyber securit...
Quantum Ransomware
In one of the fastest ransomware cases we have observed, in under four hours the threat actors went from initial access, to domain wide ransomware....
CodeQL能找到log4shell(CVE-2021-44228)漏洞吗?
0x00 大纲 本文将回答下面几个问题: CodeQL能否找到log4shell这个漏洞 如何基于log4j-api-2.14.1.jar和log4j-core-2.14.1.jar创建CodeQL database 如...
每日安全动态推送(04-25)
Tencent Security Xuanwu Lab Daily News• Compile (Linux only):https://github.com/borzacchiello/naaz ・ 基于 Ghidra PCode ...
WSO2 fileupload 任意文件上传漏洞 CVE-2022-29464
漏洞描述CVE-2022-29464 是 Orange Tsai发现的 WSO2 上的严重漏洞。该漏洞是一种未经身份验证的无限制任意文件上传,允许未经身份验证的攻击者通过上传恶意 J...
Flurry Finance 攻击事件分析与复现(一):闪电贷操纵 rebase 过程
此篇文章由 Cobo 区块链安全团队供稿,团队成员来自知名安全实验室,有多年网络安全与漏洞挖掘经验,曾协助谷歌、微软等厂商处理高危漏洞并获致谢,在微软 MS...